Friday, May 01, 2009

Gunter Ollmann: A Botnet by Any Other Name

Gunter Ollmann writes on SecurityFocus:

The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown — and currently unnamed — botnet consisting of some 1.9 million malicious agents.

All this attention underscores an increasingly significant problem for botnet researchers: how precisely should botnets be usefully named?

It's not an easy problem to solve. The antivirus industry has had decades to reach a consensus for naming new malware, yet it has failed to do so. Such a track record does not build confidence for botnet naming. Despite botnets not being the same as viruses, the historical process has been to name a botnet after the primary malware discovery, and this approach is already proving to be an increasingly redundant convention.

More here.


